Securing Mobile Apps for First Responders
This post is also available in: 
עברית (Hebrew)
In emergency and disaster situations, mobile apps and devices enable public-safety professionals to receive and share critical information in real-time, which enhances the delivery of life-saving services. As reliance on mobile technology grows, it is important that mobile apps used by public safety are free of malware or vulnerabilities.
A pilot project by the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) resulted in the successful remediation of potential cybersecurity vulnerabilities in mobile applications used by public-safety professionals, supporting the creation of an on-going mobile app-testing program.
The goals of the pilot testing project—“Securing Mobile Applications for First Responders”
were to improve mobile app security for the public-safety community and determine the need for a sustainable model for testing the security and privacy-protection capabilities of public-safety apps.
To these ends, the pilot sought to determine the degree to which the selected public-safety apps are vulnerable to cyberattacks — malware, ransomware and spyware — or had coding vulnerabilities that could compromise the device’s security, expose personal data or allow for eavesdropping, according to newswise.com.
Vincent Sritapan, S&T’s Program Manager for Mobile Security Research and Development said: “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”
The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or Short Message Service messages — in 32 of 33 popular apps that were tested. 18 apps were discovered to have critical flaws.
Pilot project leaders worked with each app developer to remediate identified vulnerabilities. “As more apps are adopted for public-safety missions, it is critical that a formal, ongoing app-evaluation process with incentives for developer participation be adopted to ensure current and new mobile apps are free of vulnerabilities,” said John Merrill, Director of the S&T FRG Next Generation First Responder Apex program.
